Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description#
An AWS AppSync GraphQL API key has been found directly in the code or configuration. Storing sensitive credentials like API keys in source code makes them easy to leak or expose accidentally.
Impact#
If an attacker obtains this API key, they could access or manipulate your AppSync GraphQL API, potentially exposing or altering sensitive data and incurring unexpected costs. This could lead to data breaches, unauthorized actions, and compromise of your cloud environment.